Consuming Twitter API 1.1 with Application-Only Auth in Android

Preamble

Recently twitter turned off API 1.0 requiring applications to move to 1.1 and begin using OAuth for all API calls. For those of us who simply wanted to display a user’s timeline in our app, that means things just got a little more complicated.

There are essentially three ways to authenticate with Twitter

Standard OAuth is what you’ll need to use if you want your users to be able to sign in with their own twitter credentials.

Single user mode is great if you are the only person using your application. For instance if your washing machine tweets updates. It’s much simpler to setup than Standard OAuth, but all actions will be performed in the context of the single user you specify in the code. (more info here)

Application Only is a little different in that instead of authenticating a user, you authenticate the application. Again, this type of authentication is a little easier to setup, but it comes with the limitation that you cannot perform any actions in the context of a user.

For my application I only needed to display the timelines from a handful of users. Since searching/reading tweets is public information I can use Application Only authentication. This process is documented already here, but this post will supplement some Android-specific code.

Prerequisites

The first thing you will need to do is sign into https://dev.twitter.com. Go to the “My Applications” section and create a new application for yourself. Twitter will assign you a Consumer Key and a Consumer Secret.

Getting Down to Business

We need to obtain a “bearer token” which will serve as the login credentials for our application. To obtain the bearer token we submit a specially formatted request to twitter. The request should look like this (without the line break on the Authorization line):

We will include the bearer token in every call we make to the API. It acts as our authentication. Before we jump into using the bearer token there are some things you should know about it.

It uniquely identifies your application to twitter. Do not post it publicly.

It can be revoked by twitter. If this happens, you will need to generate a new token using the process above.

It can be revoked by you. You would want to do this if someone else obtained the token and was using it without your permission

So while theoretically you could hard code the bearer token into your app, it’s better to save it to your application’s database or as a preference. If the token is revoked, your application should run the code above to get a new token.

Making the Call

Calling the API with the bearer token is very similar to what we did before. We simply add the bearer token as a header in the HTTP request like this

Which is created by the following Android code. The variable url specifies the API you are attempting to access. For instance https://api.twitter.com/1.1/statuses/user_timeline.json?count=100&screen_name=twitterapi

That means twitter could not authenticate you because you did not supply the correct information.
1. Are you trying to use the tokens I provided in this post? They will not work, you need to provide your own.

Hello I put the API key and API secret of my application, run the application, and clicking on “get Bearer Token” gave me a string like “AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA%2FAAAAA….” but clicking on “Get Feed” returns nothing. Please help!

I realize that it has been months since someone has replied to this, but it was so helpful that I wanted to make so that I let you know. Thanks for spelling things out so well and supplying code. I’ve seen a number of posts that give details, but all of them leave out important information. Yours covered everything perfectly!